Detokenization of the Credit Card

Last updated: November 27th, 2020

Learn about credit card de-tokenization inside Octorate

You will need to contact Octorate for this Step and prepare to devel a flow that will require some time and some mails, is not always possible to access the credit cards (it depends on how much data you can process).

What is detokenization?

A good security for credit cards would involve to have a separate area to store the credit cards and avoid to persist them in the normal datastore since this would means that a security breach may involve in plain credit card details revelead.

This must be done according to the PCI standards, where we you will have some special methods to process the card, reveal their details only to the property and execute actions, always without knowing the credit card details.

Requirement: You will need a static (or a range) of IPs to use this service, that you have to agreed with Octorate.

Who are the part involved?

In this process there a 4 or 5 parts involved

  1. The credit card senders
  2. Octorate
  3. Your system
  4. The dedicated api for the credit cards
  5. (Optionally) The payment processor that is able to debit the card.
In the same order the CVV is passed hand by hand, so it’s assumed only one actor can process the credit card information, directly or indirectly

Authentication Process and Technical Documentation

In order to process this credit card, you must apply to a special procedures that would allow us to verify your identity and to give you the new documentation to execute this process.

Unfortunately at this stage we are not able to give the credit cards to all our actors, so this application according to the volume of transaction you expect to process may be rejected.

The token that you need to use inside this process is reported inside the json reservation in the path $.card.token

European SCA, Virtual Cards

In order to process payments in Europe, you need to be ready to support the SCA authentication process where the customer may not be inside your system when the authentication of the payments is required. Authentication is the process where the banks wants to send the sms to the customer to check if he’s aware of the transaction.

This process is explained in the documentation we can provide, plan extra time to handle these cases

Take also in consideration that sometimes, some OTAs to elude this process, may send to hotel virtual cards issued by them. In this case, take have a look to $.card.cardVirtual boolean value, since these cards are usually restricted in time and amount.

Expected Flow in case you want to see the cards

In case you want to see the credit cards we expect you to do this step:

  1. 1.Create the credit card account to the customer, in order to choose the password to see the credit cards using the provided documentation (Only once)

  2. 2.Read the reservation details and persist the credit card token inside your system

  3. 3.Using the secret api, create a link to see the details of the credit card

  4. 4.Using an iframe you can embed this link, customer will need to enter the secret code to see the credit card details.

Expected Flow in case you want to process payments

In case you want to execute some payment, you will need to connect to a processor.

The flow to connect to the processor and retrieve the credentials may vary according to each processor but the way to process after the payments is always the same:

  1. 1.Ask through the api to create a customer inside the processor

  2. 2.Ask to debit a define amount inside this processor

  3. 3.Register the transaction details inside your system

Note: Is not always possible to store the card inside the processor, some processor may require to execute the payment once and then the credit card is “consumed”.

Expected Flow in case you want to send the credit cards

In case you want to send the credit card to us, you will need to send the credit card to a specific endpoint.

The format of the request is defined inside our API in the section “Reservation”→”Add Card”.